ZTE AC3633R Authentication Bypass / Denial Of Service

2015-05-19T00:00:00
ID PACKETSTORM:131982
Type packetstorm
Reporter vishnu raju
Modified 2015-05-19T00:00:00

Description

                                        
Greetings from vishnu (@dH4wk)  
  
1. Vulnerable Product Version  
  
- ZTE AC3633R (MTS Ultra Wifi Modem)  
  
2. Vulnerability Information  
  
(A) Authentication Bypass  
Impact: Attacker gains administrative access  
Remotely Exploitable: UNKNOWN  
Locally Exploitable: YES  
  
(B) Device crash which results in reboot  
Impact: Denial of service. The crash may lead to RCE locally, thus  
attaining root privilege on the device  
Remotely Exploitable: UNKNOWN  
Locally Exploitable: YES  
  
3. Vulnerability Description  
  
(A) The administrative authentication mechanism of the modem can be  
bypassed by supplying a string of 121 characters in either the  
username or the password field.  
  
(B) A crash causes the modem to restart. This happens when either the  
password or the username field is given an input of 130 characters  
or more.  
  
[Note: If the username field is targeted, the password field must be  
filled with at least 6 characters (any characters), and vice versa.]  
  
  
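A fail-closed credential check that refuses over-length fields before comparing them, as an added example (not ZTE firmware code and not part of the advisory). The advisory does not state the root cause; this assumes the length-dependent behaviour comes from unbounded handling of the two fields, and `FIELD_MAX`, `check_login`, `try_username_length` and the sample credentials are constructed for illustration.

```c
#include <string.h>

#define FIELD_MAX 64  /* assumed per-field limit; the advisory gives none */

typedef enum { AUTH_OK, AUTH_DENY, AUTH_BAD_INPUT } auth_result;

/* Length of s if it fits in max bytes, else -1; reads at most max+1 bytes. */
static long bounded_len(const char *s, size_t max)
{
    const char *end = s ? memchr(s, '\0', max + 1) : NULL;
    return end ? (long)(end - s) : -1;
}

/* Fixed-iteration comparison: no early exit at the first mismatching byte. */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen)
{
    unsigned char diff = (unsigned char)(alen != blen);
    for (size_t i = 0; i < FIELD_MAX; i++)
        diff |= (unsigned char)((i < alen ? a[i] : 0) ^ (i < blen ? b[i] : 0));
    return diff == 0;
}

auth_result check_login(const char *user, const char *pass,
                        const char *want_user, const char *want_pass)
{
    long ul = bounded_len(user, FIELD_MAX), pl = bounded_len(pass, FIELD_MAX);
    long wu = bounded_len(want_user, FIELD_MAX), wp = bounded_len(want_pass, FIELD_MAX);

    /* Fail closed: empty or over-length fields are refused before any copy or compare. */
    if (ul < 1 || pl < 1 || wu < 1 || wp < 1)
        return AUTH_BAD_INPUT;
    int ok = ct_equal(user, (size_t)ul, want_user, (size_t)wu)
           & ct_equal(pass, (size_t)pl, want_pass, (size_t)wp);
    return ok ? AUTH_OK : AUTH_DENY;
}

/* Constructed input: a username of n 'A' characters with a 6-character password. */
auth_result try_username_length(size_t n)
{
    char user[256];
    if (n >= sizeof user) n = sizeof user - 1;
    memset(user, 'A', n);
    user[n] = '\0';
    return check_login(user, "123456", "admin", "s3cret-example");
}

int main(void) { return try_username_length(121) == AUTH_BAD_INPUT ? 0 : 1; }
```

The 121- and 130-character inputs described in the advisory both take the `AUTH_BAD_INPUT` path here, so neither reaches the comparison or any fixed-size buffer.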